I expect most independents have no professional certification or degree or board oversight and therefore no doctor patient confidentiality.
Who does the CSing and do they have any professional certification or legal oversight?
Who and where are folders stored and who has access to them? What happens to them if there is a cessation of communication or the PC dies or cannot be contacted?
Do you have any control over how the information is transmitted? If it is put into digital form then it can be hacked or distributed more broadly than one might want.